What is MAS?
The Monetary Authority of Singapore (MAS) is Singapore's central bank and financial regulatory authority. It published the Technology Risk Management (TRM) Guidelines to help financial firms establish sound technology risk management, strengthen system security, and safeguard sensitive data and transactions. MAS recognizes cloud services as a form of outsourcing. The TRM guidelines contain the best practices that financial institutions should adopt while conducting business in Singapore. While MAS compliance is voluntary, the guidelines are used as a benchmark when assessing the risk of financial institutions.
MAS + Cloud
The primary focus of MAS-TRM is access control and encryption of confidential data. Since MAS recognizes cloud services as a form of outsourcing, it is the customer’s job to ensure they follow the best practices. MAS guidelines state that sensitive or confidential information should be encrypted before it is transported offsite for storage. They also recommend that confidential information stored on IT systems, servers, and databases be encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”. Access rights and privileges should be granted based on job responsibility. As such, no one should have any intrinsic right to access confidential data by virtue of rank or position. MAS recommends that financial institutions maintain audit logging of system activities performed by privileged users and, at the same time, disallow privileged users from accessing the system logs in which their activities are being captured.
The TRM guidelines by MAS are not legally binding, but since they form the benchmark for assessing financial institutions' risk, they become extremely important. Even if your organization isn’t a financial institution, complying with the MAS guidelines will only help you in the long run. Having privileged access management and access control will protect your organization from malicious insider attacks, such as breaches and leaks of the sensitive data your company stores. In the event of such an incident, you may face a massive financial and reputational loss.
Cloudanix helps you achieve MAS compliance and secure your cloud infrastructure by ensuring you implement the TRM guidelines. Cloudanix automates audits that run checks made up of different rules across the wide variety of recipes that we provide. For instance, our AWS recipe for EKS Audit contains rules like Non-public Endpoints, EKS Security Groups, ECR Private Repo, and many more. These audit rules help you comply with MAS by detecting any infringement in access control and privilege management. We have many other recipes and rules that ensure you follow the best security practices specified by the MAS-TRM guidelines while we are taking care of your security audits!